From 64b8695cd8bbdca44dde226bde698489d68a44be Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Mon, 7 Nov 2016 23:29:45 +0100
Subject: guix download: Add '--no-check-certificate' option.

* guix/download.scm (download-to-store): Add #:verify-certificate?
parameter and honor it.
* guix/scripts/download.scm (%default-options): Add
'verify-certificate?' key.
(show-help, %options): Add '--no-check-certificate'.
(guix-download): Pass #:verify-certificate to 'download-to-store'.
* doc/guix.texi (Invoking guix download): Document it.
---
 guix/scripts/download.scm | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'guix/scripts/download.scm')

diff --git a/guix/scripts/download.scm b/guix/scripts/download.scm
index bcb4eaa043..ec30b05ac0 100644
--- a/guix/scripts/download.scm
+++ b/guix/scripts/download.scm
@@ -41,7 +41,8 @@ (define-module (guix scripts download)
 
 (define %default-options
   ;; Alist of default option values.
-  `((format . ,bytevector->nix-base32-string)))
+  `((format . ,bytevector->nix-base32-string)
+    (verify-certificate? . #t)))
 
 (define (show-help)
   (display (_ "Usage: guix download [OPTION] URL
@@ -52,6 +53,9 @@ (define (show-help)
 ('hex' and 'hexadecimal' can be used as well).\n"))
   (format #t (_ "
   -f, --format=FMT       write the hash in the given format"))
+  (format #t (_ "
+      --no-check-certificate
+                         do not validate the certificate of HTTPS servers "))
   (newline)
   (display (_ "
   -h, --help             display this help and exit"))
@@ -77,6 +81,9 @@ (define fmt-proc
 
                   (alist-cons 'format fmt-proc
                               (alist-delete 'format result))))
+        (option '("no-check-certificate") #f #f
+                (lambda (opt name arg result)
+                  (alist-cons 'verify-certificate? #f result)))
 
         (option '(#\h "help") #f #f
                 (lambda args
@@ -120,7 +127,10 @@ (define (parse-options)
                      (parameterize ((current-terminal-columns
                                      (terminal-columns)))
                        (download-to-store store (uri->string uri)
-                                          (basename (uri-path uri)))))))
+                                          (basename (uri-path uri))
+                                          #:verify-certificate?
+                                          (assoc-ref opts
+                                                     'verify-certificate?))))))
            (hash  (call-with-input-file
                       (or path
                           (leave (_ "~a: download failed~%")
-- 
cgit v1.2.3